The number one source for Android apps is Google's Play Store. Google promises that every app is tested before it's released on the store. "Users play it safe when they only buy apps via Play," says tech journalist Ronald Eikenberg.
With Play Protect, Google has also integrated a virus scanner that regularly checks all installed apps. Even so apps with harmful content sometimes do get onto the Play Store. However, this is rare and the problem is usually quickly resolved.
Of course, even with Play Protect there's always a residual risk that something will slip through the net. Virus scanners are available but their functionality is limited because Android doesn't allow deep insight into the system.
The reason is a security mechanism that keeps malicious users away from important functions, but also denies virus scanners thorough analysis, Eikenberg explains.
This means that anti-virus apps can't search for the typical features of malware but can only compare installed apps against lists of known malware.
Such virus scanners are only as good as the database they access and new malware that isn't on a list won't be detected.
In any case it's advisable not to rely blindly on Play Protect or another virus scanner to pick up problems with apps you install. The user also has a responsibility to be cautious.
"A prudent use of the smartphone is important, especially if the app does not come from Play but an alternative source," says Matteo Cagnazzo from an Internet security research institute in Germany.
For one thing, it's recommended never to download brand new apps that haven't been rated and also to be aware of counterfeit apps.
Malware often hides in copied versions of known apps so you should always check carefully whether an app really comes from the developer it purports to come from. Here customer reviews can be helpful.
Also avoid apps that promise paid content for free or which offer features that the original versions of popular apps didn't have.
In 2016 there were around 16.5 million known malware programs for Android, Cagnazzo says, and "every year about 3.5 million are added".
Most commonly, malicious apps try to spy on users and steal their data. To do this the apps need access to the user's contacts, phonebook, microphone, camera or location data. If the user gives them permission to access these, the apps can then send that data to servers.
So before giving permissions to an app, it makes sense to think twice. Does a game really need access to the phone's camera? Does a photo app need to see your phonebook? It's best not to allow a permission if you have any doubts about it.
It's also recommended to install operating system updates as quickly as possible – these not only bring new features but plug security holes. — dpa
Did you find this article insightful?